My cPanel/WHM-powered server falls under a larger government policy, which has updated its security policies and is now performing weekly audits/scans.
In order to be compliant, I need to add a custom response header to all responses returned by cpsrvd
(specifically: Content-Security-Policy: frame-ancestors, although it's possible others will be added in the future).
I am not finding where to add a custom header; googling for the subject mostly leads to a binary option to add a preset X-Frame-Options in WHM Tweak Settings.
Does anyone know how to add/modify a custom header to cpsrvd pages?
There's a somewhat related post here:
Unset / allowall "X-Frame-Options" in cPanel without using ssh? (forums.cpanel.net)
where the user is looking to modify the X-Frame-Options: SAMEORIGIN to ALLOWALL and the thread ends with no solution.
Will I need to insert a proxy layer on top of my server for this?
If anyone has any info, it would be appreciated!
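One way to confirm from a saved response whether the header the audit asks for is actually present, whichever layer ends up adding it. This is an added example, not part of the original post and not cPanel code; the function names, the sample responses and the `'self'` source value are constructed for illustration.

```python
# Added example: audit a raw HTTP response header block for the framing
# controls discussed in the post. All sample responses are constructed.
PRESET_ONLY = ("HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\n"
               "X-Content-Type-Options: nosniff\r\n\r\n")
COMPLIANT = ("HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\n"
             "Content-Security-Policy: default-src 'self'; frame-ancestors 'self'\r\n\r\n")
ALLOWALL = "HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOWALL\r\n\r\n"

def parse_headers(raw):
    """Return {lowercased-name: [values]} from a raw response header block."""
    headers = {}
    for line in raw.lstrip().splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                                   # blank line ends the headers
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def frame_ancestors(headers):
    """Return the frame-ancestors source list of every policy that sets one."""
    found = []
    for value in headers.get("content-security-policy", []):
        for policy in value.split(","):             # one header may carry several policies
            for directive in policy.split(";"):
                tokens = directive.split()
                if tokens and tokens[0].lower() == "frame-ancestors":
                    found.append(tokens[1:])
                    break                           # later duplicates in a policy are ignored
    return found

def audit(raw):
    """Return a list of findings; an empty list means the framing headers pass."""
    headers = parse_headers(raw)
    findings = []
    sources = frame_ancestors(headers)
    if not sources:
        findings.append("missing Content-Security-Policy frame-ancestors")
    if any("*" in src for src in sources):
        findings.append("frame-ancestors permits any origin")
    for value in headers.get("x-frame-options", []):
        if value.upper() not in ("DENY", "SAMEORIGIN"):
            findings.append("X-Frame-Options value is not DENY or SAMEORIGIN: " + value)
    return findings

if __name__ == "__main__":
    for label, raw in (("preset", PRESET_ONLY), ("compliant", COMPLIANT), ("allowall", ALLOWALL)):
        print(label, audit(raw) or "ok")
```

Feeding it the header block of a saved response from each cpsrvd-served page gives the same pass/fail a header scan would report for this requirement.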